Welcome to WebmasterWorld Guest from 54.90.185.120

Forum Moderators: open

Message Too Old, No Replies

Chrome 68 will mark all HTTP sites "not secure"

     
8:51 pm on Feb 8, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1984
votes: 331


For the past several years, we’ve moved toward a more secure web by strongly advocating that sites adopt HTTPS encryption. And within the last year, we’ve also helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.
Source: A secure web is here to stay [security.googleblog.com]

No surprise here, of course. For those still on HTTP, you are now a minority [httparchive.org] (at least in the Alexa Top 1M).

A decent checklist for moving to HTTPS can be found here: HTTP to HTTPS: An SEO’s guide to securing a website [searchengineland.com]
3:16 am on Feb 9, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


Note the language has now changed from "pages" to "sites."
9:40 am on Feb 9, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1984
votes: 331


Good catch. Pages was probably more appropriate then because the warning only triggered when a form was present.

Now it's becoming a side-wide thing. I applaud them for pushing HTTPS as much as they are, it's really making a difference.
10:37 am on Feb 9, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25669
votes: 787


This is potentially very significant.
That notification is really going to mean traffic drops if people actually look at it and understand it. If they misunderstand it, the message coule put people off thinking they may have problems with the site.
I suspect many will not actually click through to a site in the SERPs.

Added, here is some of the coverage on WebmasterWorld on HTTPS
Can changing site from HTTP to HTTPS impact SEO? [webmasterworld.com]
Be HTTPs by October or Chrome will show "not secure" flag [webmasterworld.com]
Upgrade to HTTPS - Absolute vs. Relative Links? [webmasterworld.com]
What will happen if I don't switch to HTTPS? [webmasterworld.com]
HTTPS and Adsense [webmasterworld.com]
10:56 am on Feb 9, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


Chrome desktop & mobile just updated to v64 a few days ago. If we're to see v68 at the beginning of July, that amounts to roughly a new browser version each month.
11:25 am on Feb 9, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1984
votes: 331


I suspect many will not actually click through to a site in the SERPs.

Last I heard, there are no plans to mark sites as insecure in the SERPs, so people would have to notice the missing "https://" in the URL.
12:05 pm on Feb 9, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


I suspect that at some point in the future, any unsecure site will either be significantly demoted, or removed from SERP altogether.
12:38 pm on Feb 9, 2018 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25669
votes: 787


Last I heard, there are no plans to mark sites as insecure in the SERPs, so people would have to notice the missing "https://" in the URL.

That'll be an interesting on. It won't be long, i'm sure, hence my comment.
I suspect that at some point in the future, any unsecure site will either be significantly demoted, or removed from SERP altogether.

That's my feeling, too. It'll mean Google can clear out all the old sites from the SERPs.

I wonder if cached will show the same in the browser.
https://4.bp.blogspot.com/-oAJeUbJnMuI/WnyIVo784XI/AAAAAAAAA3I/3taa_6tLV3QZ_9ao0T7_xl4_VWhM6y0WwCEwYBhgL/s1600/pasted%2Bimage%2B0%2B%25282%2529.png
1:01 am on Feb 10, 2018 (gmt 0)

New User

joined:Nov 18, 2017
posts:2
votes: 0


I have a question: Most of my old sites are HTTP and all my backlinks are pointing to HTTP. However I have WHM/CPanel in my Servers and I enabled the AutoSSL/LetsEncrypt already. I do know i type https:// then it would work, but I still don't know how to transfer the HTTP to HTTPS smoothly, with the ranking and backlinks... Could anyone teach me about this please?
1:33 am on Feb 10, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


@sunxvogy - read the links engine supplied above. After following those instructions, if you are still having difficulties, start a *new* discussion.
8:08 pm on Feb 10, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member aristotle is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Aug 4, 2008
posts:3462
votes: 297


Well my http sites are still doing extremely well, as traffic from google for all of them has either held steady or continued to climb. I also see plenty of other http sites ranking at or near the top of google's search results.

On the other hand, there have been reports that some sites suffered traffic losses immediately after switching to https. Since some of this lost traffic goes to http sites, they get an additional benefit from this as well.

So the current climate is extremely good for http sites. Even so, I've started looking at options for eventually switching at least one of my sites to https.

I don't think switching to https would help traffic much, although Google said that it would be a "tie-breaker" in the search results. But I may want to sell some of my sites eventually, and that might be easier if they are https.
9:30 pm on Feb 10, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


Well my http sites are still doing extremely well...
That's great... however this announcement appears that your HTTP site may not continue to do "extremely well" after July when Chrome warns your visitors. Don't forget, Chrome is the most used browser in the world, especially on mobile.
1:53 am on Feb 11, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15260
votes: 694


I may want to sell some of my sites eventually, and that might be easier if they are https.
I don't see how A leads to B. Do you mean that https sites have already been through the algorithmic hiccup that comes with a protocol change, so you can safely sell them “as is”?
3:03 am on Feb 11, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member editorialguy is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 28, 2013
posts:3351
votes: 703


On the other hand, there have been reports that some sites suffered traffic losses immediately after switching to https.

I wonder how many of those reports are from people who screwed up the changeover?

To anyone who doesn't want to deal with hassle, I say "leave it to CloudFlare, and allow at least half a minute to make the change."
3:42 am on Feb 11, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


I say "leave it to CloudFlare, and allow at least half a minute to make the change."
And at least a half a minute to load every file. Most sites are much better off optimizing their sites & configs than sticking a CDN in front of an existing problem.
4:17 am on Feb 11, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member editorialguy is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 28, 2013
posts:3351
votes: 703


And at least a half a minute to load every file.

Sorry, but that makes no sense at all.
Most sites are much better off optimizing their sites & configs than sticking a CDN in front of an existing problem.

Or, better yet, optimize your site and use a CDN. (Especially if you have a global audience.)
7:55 am on Feb 11, 2018 (gmt 0)

Senior Member from AU 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 22, 2003
posts: 2218
votes: 136


Another nail in the coffin of the very valuable small informational web site.

These very valuable small informational web sites were never made originally with a view to making money - in fact most of them didn't but they did provide an important public service.

In the last few years I've found Google [and the others] becoming less, and less relevant for my searches.

There was once upon a time when any search phrase I used turned up the right informational site on the first page of results. No longer - Google don't index most of them any more [I tested that today]

Why the hell a small informational site needs to be https simply because it is a browser fad is beyond me...

The only large [https] sites I regularly use are my regular news outlets.
8:38 am on Feb 11, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


Why the hell a small informational site needs to be https simply because it is a browser fad is beyond me...

Why HTTPS Matters [developers.google.com]
12:45 pm on Feb 11, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1984
votes: 331


Sorry, but that makes no sense at all.

It's an exaggeration, of course, but since dynamically generated pages are not cached, a CDN would introduce additional latency and increase the time-to-first-byte (TTFB). You might win back some of that time with faster loading static resources, especially if there are many of them (or particularly large ones), but in my experience a fast first paint will often do more to boost that sense of "snappiness". Ideally, of course, you would create your own CDN where all servers can generate those pages by themselves, but that can be tricky to set up and maintain.

Having a CDN take care of HTTPS for you is not a terrible idea, as they support HTTP/2 and many other optimizations out of the box, but it does create a dependency, and the link between your server and the CDN would technically still be insecure. With the exception of Cloudflare's free plan, bandwidth at CDNs also tends to be very expensive (I once calculated I would be paying 10x my current hosting fees).

Also worth noting is that sticking a CDN in front of your site to get HTTPS does not automatically resolve issues with redirects and mixed content, which is exactly the area where most site owners are likely to break things. A well-executed move to HTTPS will not negatively influence your rankings or cost you any traffic -- except maybe a handful of stubborn users on very old devices.
9:32 pm on Feb 11, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


A well-executed move to HTTPS will not negatively influence your rankings or cost you any traffic -- except maybe a handful of stubborn users on very old devices.
This needs to be repeated
6:12 am on Feb 12, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator martinibuster is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 13, 2002
posts:14829
votes: 472


...simply because it is a browser fad is beyond me...


It's not beyond you. You just need to be more informed as to why HTTPS is to your benefit and to the benefit of so-called informational sites.

Anyone not adapting to SSL is willfully lagging behind in earnings and relevancy. They would switch to HTTPS if they knew how much HTTPS is to their benefit. Those who stubbornly resist change like SSL are literally self-defeating and digging their own Internet graves.
8:32 am on Feb 12, 2018 (gmt 0)

Senior Member from AU 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 22, 2003
posts: 2218
votes: 136


You just need to be more informed as to why HTTPS is to your benefit

My main site has already been HTTPS coming up 12 months which is not the point. There is ONLY one reason to switch over to HTTPS...

If you don't follow the browser direction to do so - you will be "punished" by the browsers. However Mr Google and other SE's will not improve your position in the SERPS for doing it, Mr AdSense will not send more relevant Ads to your content for doing it. There is no real reward for doing it except the browsers will not punish you.

Better security? I laugh when I here that now. Windows OS, and Browsers all have almost daily security updates simply because their products were defective to begin with.

I'm almost 76 years of age and historically I have always reacted very badly to "do this or be punished" type scenarios. Something I have never, ever had cause to regret at all. Sometimes, many years later I've found myself mighty glad I did...
9:09 am on Feb 12, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1984
votes: 331


You're not being punished, you're just being evaluated more fairly and openly. A HTTP connection is insecure, plain and simple.

Many tend to think too one-sidedly about the benefits of HTTPS: "How does it benefit me?". Consider your users.

(And the people you communicate with over the similarly insecure POP3 or IMAP, if -- like many -- you still do.)
9:38 am on Feb 12, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Feb 12, 2006
posts:2706
votes: 116


Every year google tells us we have to change our sites or suffer in the serps — it’s a different thing every year. At the moment it’s https, in the past it was amp, improve our page speed, make it responsive for mobile, remove half the ads, don’t swap links, delete all the links we swapped, don’t do guest posts, don’t do this don’t do that, and like sheep we do it. I wonder what they’ll have us doing next year.
9:42 am on Feb 12, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1984
votes: 331


Most (if not all) of those are a boon to the Web at large. Unfortunately us "sheep" often need reminders to focus on the user experience.
10:54 pm on Feb 12, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member editorialguy is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 28, 2013
posts:3351
votes: 703


It's an exaggeration, of course, but since dynamically generated pages are not cached

Good point, but not all sites use dynamically-generated pages. (There's something to be said for "flat files," especially on informational sites with mostly evergreen content.)
11:14 pm on Feb 12, 2018 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15260
votes: 694


Even if the page content is static html, there may well be dynamic headers or footers. To the designer it's static; to the server it's dynamic. (Crude test: Check your server logs. Unless you find the occasional 304 responses to page requests, they're not really static.)
12:28 am on Feb 13, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


Point is, a CDN is not a *fix* for not updating a site to be secure.
1:15 am on Feb 13, 2018 (gmt 0)

Senior Member

WebmasterWorld Senior Member editorialguy is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:June 28, 2013
posts:3351
votes: 703


Point is, a CDN is not a *fix* for not updating a site to be secure

My point was simply that at least one CDN makes it very easy for anyone (even the technically clueless) to switch from HTTP to HTTPS, so "It's too hard" or "There's too much risk of screwing it up" is no longer a valid excuse for lagging behind.
1:24 am on Feb 13, 2018 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 890


"There's too much risk of screwing it up" is no longer a valid excuse for lagging behind.
True dat
This 48 message thread spans 2 pages: 48
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members